VulnerableCode Package Details - pkg:maven/org.apache.tomcat/tomcat@5.0.30

Vulnerabilities affecting this package (14)

Vulnerability	Summary	Fixed by
VCID-18j8-kwdv-dyak Aliases: CVE-2005-3510 GHSA-8f4w-jwqv-5cxc	Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.	5.5.12 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 5.5.13, Affected by 0 other vulnerabilities.
VCID-27q8-96un-9fbk Aliases: CVE-2007-1355 GHSA-4c6x-gfc8-c26r	Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attackers to inject arbitrary web script or HTML via the test parameter and unspecified vectors.	5.5.24, Affected by 0 other vulnerabilities. 6.0.11 Affected by 0 other vulnerabilities.
VCID-2jnv-segx-zkfd Aliases: CVE-2006-3835 GHSA-wfj7-mhr5-pcwq	Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (;) preceding a filename with a mapped extension, as demonstrated by URLs ending with /;index.jsp and /;help.do.	5.5.13, Affected by 0 other vulnerabilities. 5.5.17 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-6epr-2hbd-skcz Aliases: CVE-2005-2090 GHSA-f2gq-p6qv-ccw4	Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."	5.5.23, Affected by 0 other vulnerabilities. 6.0.11 Affected by 0 other vulnerabilities.
VCID-6p3e-4u8s-17ep Aliases: CVE-2007-3385 GHSA-6j8f-66vh-39mj	Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.	5.5.25, Affected by 0 other vulnerabilities. 6.0.14 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-7969-7a8h-zyhh Aliases: CVE-2007-3382 GHSA-qff8-g48j-pwpw	Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.	5.5.25, Affected by 0 other vulnerabilities. 6.0.14 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-86ur-vudp-4yc2 Aliases: CVE-2007-1858	The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.	5.5.17, Affected by 0 other vulnerabilities.
VCID-87p8-zvvf-y7dm Aliases: CVE-2007-0450 GHSA-4prh-gqw8-rgh5	Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.	5.5.22 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 5.5.22, Affected by 0 other vulnerabilities. 6.0.10 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-bhq7-d545-27bj Aliases: CVE-2006-7196 GHSA-pm78-wxxf-fw98	Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.	5.0.31 Affected by 0 other vulnerabilities. 5.5.16 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 5.5.16, Affected by 0 other vulnerabilities.
VCID-peya-mr7j-vugf Aliases: CVE-2007-2449 GHSA-hc39-rjwp-qffq	Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the ';' character, as demonstrated by a URI containing a "snp/snoop.jsp;" sequence.	5.5.25, Affected by 0 other vulnerabilities. 6.0.14 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-q7jp-hn4a-4kec Aliases: CVE-2005-4838	Multiple cross-site scripting (XSS) vulnerabilities in the example web applications for Jakarta Tomcat 5.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) el/functions.jsp, (2) el/implicit-objects.jsp, and (3) jspx/textRotate.jspx in examples/jsp2/, as demonstrated via script in a request to snp/snoop.jsp. NOTE: other XSS issues in the manager were simultaneously reported, but these require admin access and do not cross privilege boundaries.	5.5.7, Affected by 0 other vulnerabilities.
VCID-qxkf-4ddv-j3b7 Aliases: CVE-2007-1358 GHSA-xmc9-6p56-3c4v	Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".	5.5.21, Affected by 0 other vulnerabilities. 6.0.6 Affected by 0 other vulnerabilities.
VCID-skar-qk57-qkdv Aliases: CVE-2006-7195 GHSA-p57v-p3fx-qgwm	Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.	5.5.18 Affected by 0 other vulnerabilities. 5.5.18, Affected by 0 other vulnerabilities.
VCID-tcju-3rvu-wkht Aliases: CVE-2007-2450 GHSA-5c5p-jxvx-x7j2	Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.	5.5.25 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 5.5.25, Affected by 0 other vulnerabilities. 6.0.14 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

purl	pkg:maven/org.apache.tomcat/tomcat@5.0.30
Tags	Ghost

Next non-vulnerable version	9.0.117
Latest non-vulnerable version	11.0.21
Risk	10.0

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T16:00:30.727397+00:00	GHSA Importer	Affected by	VCID-7969-7a8h-zyhh	https://github.com/advisories/GHSA-qff8-g48j-pwpw	38.0.0
2026-04-01T16:00:30.568940+00:00	GHSA Importer	Affected by	VCID-6p3e-4u8s-17ep	https://github.com/advisories/GHSA-6j8f-66vh-39mj	38.0.0
2026-04-01T16:00:30.176291+00:00	GHSA Importer	Affected by	VCID-tcju-3rvu-wkht	https://github.com/advisories/GHSA-5c5p-jxvx-x7j2	38.0.0
2026-04-01T16:00:29.970595+00:00	GHSA Importer	Affected by	VCID-peya-mr7j-vugf	https://github.com/advisories/GHSA-hc39-rjwp-qffq	38.0.0
2026-04-01T16:00:28.549893+00:00	GHSA Importer	Affected by	VCID-skar-qk57-qkdv	https://github.com/advisories/GHSA-p57v-p3fx-qgwm	38.0.0
2026-04-01T12:49:58.937282+00:00	GitLab Importer	Affected by	VCID-peya-mr7j-vugf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2007-2449.yml	38.0.0
2026-04-01T12:49:58.107635+00:00	GitLab Importer	Affected by	VCID-skar-qk57-qkdv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2006-7195.yml	38.0.0
2026-04-01T12:49:56.704364+00:00	GitLab Importer	Affected by	VCID-7969-7a8h-zyhh	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2007-3382.yml	38.0.0
2026-04-01T12:38:19.480194+00:00	Apache Tomcat Importer	Affected by	VCID-q7jp-hn4a-4kec	https://tomcat.apache.org/security-5.html	38.0.0
2026-04-01T12:38:19.440554+00:00	Apache Tomcat Importer	Affected by	VCID-18j8-kwdv-dyak	https://tomcat.apache.org/security-5.html	38.0.0
2026-04-01T12:38:19.401278+00:00	Apache Tomcat Importer	Affected by	VCID-2jnv-segx-zkfd	https://tomcat.apache.org/security-5.html	38.0.0
2026-04-01T12:38:19.358979+00:00	Apache Tomcat Importer	Affected by	VCID-bhq7-d545-27bj	https://tomcat.apache.org/security-5.html	38.0.0
2026-04-01T12:38:19.319795+00:00	Apache Tomcat Importer	Affected by	VCID-86ur-vudp-4yc2	https://tomcat.apache.org/security-5.html	38.0.0
2026-04-01T12:38:19.283499+00:00	Apache Tomcat Importer	Affected by	VCID-skar-qk57-qkdv	https://tomcat.apache.org/security-5.html	38.0.0
2026-04-01T12:38:19.188172+00:00	Apache Tomcat Importer	Affected by	VCID-qxkf-4ddv-j3b7	https://tomcat.apache.org/security-5.html	38.0.0
2026-04-01T12:38:19.150380+00:00	Apache Tomcat Importer	Affected by	VCID-87p8-zvvf-y7dm	https://tomcat.apache.org/security-5.html	38.0.0
2026-04-01T12:38:19.111000+00:00	Apache Tomcat Importer	Affected by	VCID-6epr-2hbd-skcz	https://tomcat.apache.org/security-5.html	38.0.0
2026-04-01T12:38:19.071106+00:00	Apache Tomcat Importer	Affected by	VCID-27q8-96un-9fbk	https://tomcat.apache.org/security-5.html	38.0.0
2026-04-01T12:38:19.011540+00:00	Apache Tomcat Importer	Affected by	VCID-6p3e-4u8s-17ep	https://tomcat.apache.org/security-5.html	38.0.0
2026-04-01T12:38:18.976931+00:00	Apache Tomcat Importer	Affected by	VCID-7969-7a8h-zyhh	https://tomcat.apache.org/security-5.html	38.0.0
2026-04-01T12:38:18.941672+00:00	Apache Tomcat Importer	Affected by	VCID-tcju-3rvu-wkht	https://tomcat.apache.org/security-5.html	38.0.0
2026-04-01T12:38:18.904703+00:00	Apache Tomcat Importer	Affected by	VCID-peya-mr7j-vugf	https://tomcat.apache.org/security-5.html	38.0.0